Confirming Membership of List
David Woodhouse
dwmw2 at infradead.org
Tue Jul 1 06:16:44 PDT 2014
On Tue, 2014-07-01 at 06:02 -0700, Chris J Brady wrote:
> In a master stroke of security - or rather in an appalling LACK of
> security - the mailing list owners / moderators have just sent me an
> email confirming my membership - which included MY PASSWORD IN PLAIN
> TEXT.
Sending such a reminder every month is normal for most mailman lists.
You'll have been getting one of those every month since you first
subscribed.
That's why there's a bloody great warning on the subscription page where
you enter your password, which says:
You may enter a privacy password below. This provides only mild
security, but should prevent others from messing with your
subscription. Do not use a valuable password as it will
occasionally be emailed back to you in cleartext.
The "Do not use a valuable password" bit appears to be in bold...
> For such a mailing list of potentially legally sensitive subject
> matter - i.e. how to hack the BBC's servers - this is an unacceptable
> breach of security.
No. Acceptable subject matter on this list does not include, and has
never included, the hacking of the BBC's servers.
--
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5745 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/get_iplayer/attachments/20140701/ed2a1f4a/attachment.bin>
More information about the get_iplayer
mailing list